CVE-2025-38715
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2026-03-17

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: hfs: fix slab-out-of-bounds in hfs_bnode_read() This patch introduces is_bnode_offset_valid() method that checks the requested offset value. Also, it introduces check_and_correct_requested_length() method that checks and correct the requested length (if it is necessary). These methods are used in hfs_bnode_read(), hfs_bnode_write(), hfs_bnode_clear(), hfs_bnode_copy(), and hfs_bnode_move() with the goal to prevent the access out of allocated memory and triggering the crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2026-03-17
Generated
2026-06-16
AI Q&A
2025-09-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-38715
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux kernel 5.10.244-1
linux kernel 6.1.153-1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a slab-out-of-bounds issue in the Linux kernel's HFS filesystem code, specifically in the hfs_bnode_read() function. It occurs when the code accesses memory beyond what is allocated, which can lead to crashes. The fix involves adding methods to validate and correct the requested offset and length to prevent out-of-bounds memory access.

Impact Analysis

This vulnerability can cause the Linux kernel to crash due to out-of-bounds memory access in the HFS filesystem code. Such crashes can lead to denial of service or system instability.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version that includes the patch fixing the slab-out-of-bounds issue in hfs_bnode_read(). This patch introduces validation methods to prevent out-of-bounds memory access. Applying the latest kernel updates from your distribution is the recommended immediate step.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-38715. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart